6 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 2

CVE-2010-4930 – @Mail 6.1.9 - 'MailType' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2010-4930

Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en index.php de @mail Webmail antes de v6.2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro MailType en una acción mail/auth/processlogin • https://www.exploit-db.com/exploits/34690 http://osvdb.org/68183 http://secunia.com/advisories/41555 http://securityreason.com/securityalert/8455 http://www.securityfocus.com/archive/1/513890/100/0/threaded http://www.securityfocus.com/bid/43377 https://exchange.xforce.ibmcloud.com/vulnerabilities/61958 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2007-2825

https://notcve.org/view.php?id=CVE-2007-2825

Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ReadMsg.php de @Mail 5.02 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados implicando (1) enlaces e (2) imágenes. • http://osvdb.org/36826 http://secunia.com/advisories/25506 http://terra.calacode.com/mail/docs/changelog.html http://www.securityfocus.com/bid/24260 https://exchange.xforce.ibmcloud.com/vulnerabilities/34376 •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2007-2153

https://notcve.org/view.php?id=CVE-2007-2153

Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en atmail.php in @Mail 5.0 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro username. • http://securityreason.com/securityalert/2594 http://www.majorsecurity.de/index_2.php?major_rls=major_rls43 http://www.securityfocus.com/archive/1/465378/100/100/threaded http://www.securityfocus.com/bid/23428 https://exchange.xforce.ibmcloud.com/vulnerabilities/33591 •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2007-0953

https://notcve.org/view.php?id=CVE-2007-0953

Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en search.pl en @Mail 4.61 y anteriores permite a un atacante remoto inyectar secuencias de comandos web o HTML a través del parámetro keywords. • http://kb.atmail.com/?p=410 http://lostmon.blogspot.com/2007/02/mail-searchpl-keywords-variable-cross.html http://osvdb.org/33193 http://secunia.com/advisories/24155 http://www.securityfocus.com/bid/22552 http://www.vupen.com/english/advisories/2007/0603 https://exchange.xforce.ibmcloud.com/vulnerabilities/32483 •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

CVE-2006-6701

https://notcve.org/view.php?id=CVE-2006-6701

Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en @Mail WebMail 4.51 y util.php en 5.x anterior a 5.03, permite a un atacante remoto realizar acciones no autorizadas como otros usuarios a través de vectores no especificados. NOTA: Está información se basa en una introducción inicial. Los detalles se obtendrán después de que elperiodo de gracia haya finalizado. • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0512.html http://secunia.com/advisories/23472 http://secunia.com/advisories/25328 http://securitytracker.com/id?1017435 http://terra.calacode.com/mail/docs/changelog.html http://www.netragard.com/html/recent_research.html http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt http://www.securityfocus.com/archive/1/458109/100/100/threaded http://www.vupen.com/english/advisories/2007/1864 https://exchange • CWE-352: Cross-Site Request Forgery (CSRF) •